Welcome to Apple iCloud phishing attacks

Apple iCloud phishingWhen a Naked Security reader forwarded us a suspicious email he received today, it served as a healthy reminder for all computer users to be on their guard against phishing attacks.

The email claims to come from Apple, and appears to have targeted our correspondent because he is a user of Apple’s MobileMe service.

Apple is planning to shut down its MobileMe service in mid-2012, as it is readying its new iCloud service (which will store music, photos, calendars, documents etc in ‘the cloud’ and wirelessly push them to all of your devices).

Understandably, a lot of MobileMe users are interested in how they will migrate to iCloud and this is the issue that the phishing email uses as bait.

iCloud phishing email

Subject:

Welcome to iCLOUD

Message body:

Important information for MobileMe members.

Dear MobileMe member,

Please sign up for iCloud and click the submit botton, you'll be able to keep your old
email address and move your mail, contacts, calendars, and bookmarks to the new service.

Your subscription will be automatically extended through July 31, 2012, at no additional charge.
After that date, MobileMe will no longer be available.

Click here to update iCLOUD

Sincerely,

The Apple store Team

If you make the decision to click on the link in the email, however, you are not taken to an official Apple website – but instead a third-party site that is trying hard to present itself in an Apple style.

Phishing website

Yes, it’s a phishing website.

And just look what it’s asking for: your credit card details, your address, your social security number, your full date of birth, your mother’s maiden name and your Apple ID credentials.

Crumbs! Imagine the harm a fraudster could cause with all that information.

Make sure you have your eyes peeled for phishing attacks, and be on your guard regarding unsolicited messages you receive in your inbox. It could be you who gets hit by a phishing attack next.

Hat tip: Thanks to Naked Security reader Jeff for alerting us to this phishing campaign.